Open NFS ports
SharedV4 volumes require specific open NFS ports to allow for communication between nodes in your cluster. Depending on how your cluster is configured, your firewall may block some of these ports or your NFS ports may differ from the defaults. To solve this, you may need to manually assign NFS ports and ensure your firewall or ACL allows them to communicate.
This document provides instructions for detecting and opening NFS ports according to various cluster configurations you may have.
Prerequistes
All of the use-cases in this document require the default Portworx ranges be open between hosts: ports 9001 - 9028 and port 111.
Determine which ports to open
Enter the rpcinfo command with the -p flag to find which ports NFS is using on your node:
rpcinfo -pSharedV4 volumes communicate over the following ports:
- portmapper: 111 (default on all linux distributions)
- nfs service: 2049 (default on all linux distributions)
- mountd: 20048 (depends on the linux distribution)
If the default ports your OS uses match these ports, proceed to the Open NFS ports on most Linux distributions section.
If the NFS ports on your OS do not match these ports, or your ports are chosen randomly by your OS, proceed to the Manually assign and open NFS ports section.
Open NFS ports on most Linux distributions
If your Linux distribution uses the default ports identified in the section above, you do not need to manually assign any ports for NFS, but you may need to open them.
Ensure your ports are open on any firewalls and your ACL by entering the following iptables command:
iptables -I INPUT -p tcp -m tcp --match multiport --dports 111,2049,20048 -j ACCEPT
iptables -I OUTPUT -p tcp -m tcp --match multiport --dports 111,2049,20048 -j ACCEPTOnce you’ve determined your hosts are using the default ports and opened those ports, you can start using sharedV4 volumes.
Manually assign and open NFS ports
For certain Linux distributions, the OS chooses the mountd port randomly every time the node reboots. To solve this, you must manually assign NFS ports, and how you accomplish this depends on your OS.
Only perform the steps in one of the following sections if:
- The
mountdport is not fixed (and not 20048) and is chosen at random by your Linux distribution. - You wish to open a contiguous range of ports for Portworx and want to shift the default NFS ports to the Portworx port range.
If you do need to manually assign and open NFS ports, follow the steps in the section that applies for your OS:
Assign NFS ports on CentOS and Red Hat Enterprise Linux
Modify the
/etc/sysconfig/nfsfile, uncommenting or adding the following fields and assigning the associated values:LOCKD_TCPPORT=9023LOCKD_UDPPORT=9024MOUNTD_PORT=9025STATD_PORT=9026
Enter the
systemctl restart nfs-servercommand to restart the NFS server:systemctl restart nfs-serverOpen the newly assigned NFS ports on your access control list:
iptables -I INPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I OUTPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I INPUT -p udp -m udp --dport 9024 -j ACCEPT iptables -I OUTPUT -p udp -m udp --dport 9024 -j ACCEPT
Open NFS ports on Debian-based Linux
Modify the
/run/sysconfig/nfs-utilsfile, uncommenting or adding the following fields and assigning the associated values:RPCNFSDARGS=" 8 --port 9023": append the--port 9023option to any existing values.RPCMOUNTDARGS="--port 9024": add the--port 9024option.STATDARGS="--port 9025 --outgoing-port 9026": add the--port 9025and--outgoing-port 9026options.
Enter the following commands to restart the NFS server:
systemctl daemon-reload systemctl restart rpc-statd systemctl restart rpc-mountd systemctl restart nfs-serverOpen the newly assigned NFS ports on your access control list:
iptables -I INPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I OUTPUT -p tcp -m tcp --match multiport --dports 111,2049,9023,9025,9026 -j ACCEPT iptables -I INPUT -p udp -m udp --dport 9024 -j ACCEPT iptables -I OUTPUT -p udp -m udp --dport 9024 -j ACCEPT
Open NFS ports on CoreOS
The following sharedv4 NFS services run on a node when Portworx is installed with sharedv4 support:
- portmapper
- status
- mountd
- nfs and nfs_acl
- nlockmgr
View these services and the port they are using by entering the rcpinfo -p command:
```text
rcpinfo -p
```
By default, services like mountd and nlockmgr run on random ports and must be fixed to a specific port.
Configure nfs, nfs_acl, and lockd ports
By default, the nfs-server.service configuration file is located under the following directory:
/usr/lib/systemd/system/nfs-server.serviceCheck the status of the existing
nfs-server.service:systemctl status nfs-serverCopy the systemd unit file from the
usrdirectory into theetcdirectory:cp /usr/lib/systemd/system/nfs-server.service /etc/systemd/system/nfs-server.serviceOpen
/etc/systemd/system/nfs-server.servicein a text editor and, under the[Service]section, add the--port 9023value to theExecStart=/usr/sbin/rpc.nfsdkey:[Service] Type=oneshot RemainAfterExit=yes ExecStartPre=/usr/sbin/exportfs -r ExecStart=/usr/sbin/rpc.nfsd --port 9023 ExecStop=/usr/sbin/rpc.nfsd 0 ExecStopPost=/usr/sbin/exportfs -au ExecStopPost=/usr/sbin/exportfs -fUpdate the
lockdports:echo 9027 > /proc/sys/fs/nfs/nlm_udpport echo 9028 > /proc/sys/fs/nfs/nlm_tcpportEnsure the
lockdmanager ports persist over node reboots by creating a100-nfs-ports.conffile under the/etc/sysctl.d/folder and adding the ports to it:cat /etc/sysctl.d/100-nfs-ports.conf fs.nfs.nlm_tcpport = 9027 fs.nfs.nlm_udpport = 9028Reload the
systemddaemon and restart thenfs-serverservice:systemctl daemon-reload systemctl restart nfs-serverVerify that the NFS services are running on the ports you configured by searching the output of
rcpinfo -p:rpcinfo -p | grep nfs100003 3 tcp 9023 nfs 100003 4 tcp 9023 nfs 100227 3 tcp 9023 nfs_aclrpcinfo -p | grep nlock100021 1 udp 9027 nlockmgr 100021 3 udp 9027 nlockmgr 100021 4 udp 9027 nlockmgr 100021 1 tcp 9028 nlockmgr 100021 3 tcp 9028 nlockmgr 100021 4 tcp 9028 nlockmgr
Configure mountd services
Check the status of the existing
nfs-server.service:systemctl status nfs-mountdCopy the systemd unit file from the
usrdirectory into theetcdirectory:cp /usr/lib/systemd/system/nfs-mountd.service /etc/systemd/system/nfs-mountd.serviceOpen
/etc/systemd/system/nfs-mountd.servicein a text editor and, under the[Service]section, add the--port 9024value to theExecStart=/usr/sbin/rpc.mountdkey:... [Service] Type=forking ExecStart=/usr/sbin/rpc.mountd --port 9024Reload the
systemddaemon and restart thenfs-serverservice:systemctl daemon-reload systemctl restart nfs-serverVerify that the NFS services are running on the ports you configured by searching the output of
rcpinfo -p:rpcinfo -p | grep mountd100005 1 udp 9024 mountd 100005 1 tcp 9024 mountd 100005 2 udp 9024 mountd 100005 2 tcp 9024 mountd 100005 3 udp 9024 mountd 100005 3 tcp 9024 mountd
Configure statd services
Check the status of the existing
rpc-statd.service:systemctl status rpc-statdCopy the systemd unit file from the
usrdirectory into theetcdirectory:cp /usr/lib/systemd/system/rpc-statd.service /etc/systemd/system/rpc-statd.serviceOpen
/etc/systemd/system/rpc-statd.servicein a text editor and, under the[Service]section, add the--port 9025and--outgoing-port 9026value to theExecStart=/usr/sbin/rpc.statdkey:... [Service] Environment=RPC_STATD_NO_NOTIFY=1 Type=forking PIDFile=/var/run/rpc.statd.pid ExecStart=/usr/sbin/rpc.statd --port 9025 --outgoing-port 9026Reload the
systemddaemon and restart therpc-statdservice:systemctl daemon-reload systemctl restart rpc-statdVerify that the NFS services are running on the ports you configured by searching the output of
rcpinfo -p:rpcinfo -p | grep status100024 1 udp 9025 status 100024 1 tcp 9025 status